| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/frame_host/ancestor_throttle.h" | 5 #include "content/browser/frame_host/ancestor_throttle.h" |
| 6 | 6 |
| 7 #include "base/metrics/histogram_macros.h" | 7 #include "base/metrics/histogram_macros.h" |
| 8 #include "base/strings/string_split.h" | 8 #include "base/strings/string_split.h" |
| 9 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
| 10 #include "base/strings/stringprintf.h" | 10 #include "base/strings/stringprintf.h" |
| (...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 98 | 98 |
| 99 AncestorThrottle::~AncestorThrottle() {} | 99 AncestorThrottle::~AncestorThrottle() {} |
| 100 | 100 |
| 101 NavigationThrottle::ThrottleCheckResult | 101 NavigationThrottle::ThrottleCheckResult |
| 102 AncestorThrottle::WillProcessResponse() { | 102 AncestorThrottle::WillProcessResponse() { |
| 103 DCHECK(!navigation_handle()->IsInMainFrame()); | 103 DCHECK(!navigation_handle()->IsInMainFrame()); |
| 104 | 104 |
| 105 NavigationHandleImpl* handle = | 105 NavigationHandleImpl* handle = |
| 106 static_cast<NavigationHandleImpl*>(navigation_handle()); | 106 static_cast<NavigationHandleImpl*>(navigation_handle()); |
| 107 | 107 |
| 108 // Downloads should be exempt from checking for X-Frame-Options, so |
| 109 // proceed if this is a download. |
| 110 if (handle->is_download()) |
| 111 return NavigationThrottle::PROCEED; |
| 112 |
| 108 std::string header_value; | 113 std::string header_value; |
| 109 HeaderDisposition disposition = | 114 HeaderDisposition disposition = |
| 110 ParseHeader(handle->GetResponseHeaders(), &header_value); | 115 ParseHeader(handle->GetResponseHeaders(), &header_value); |
| 111 | 116 |
| 112 switch (disposition) { | 117 switch (disposition) { |
| 113 case HeaderDisposition::CONFLICT: | 118 case HeaderDisposition::CONFLICT: |
| 114 ParseError(header_value, disposition); | 119 ParseError(header_value, disposition); |
| 115 RecordXFrameOptionsUsage(CONFLICT); | 120 RecordXFrameOptionsUsage(CONFLICT); |
| 116 return NavigationThrottle::BLOCK_RESPONSE; | 121 return NavigationThrottle::BLOCK_RESPONSE; |
| 117 | 122 |
| (...skipping 187 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 305 HeadersContainFrameAncestorsCSP(headers)) { | 310 HeadersContainFrameAncestorsCSP(headers)) { |
| 306 // TODO(mkwst): 'frame-ancestors' is currently handled in Blink. We should | 311 // TODO(mkwst): 'frame-ancestors' is currently handled in Blink. We should |
| 307 // handle it here instead. Until then, don't block the request, and let | 312 // handle it here instead. Until then, don't block the request, and let |
| 308 // Blink handle it. https://crbug.com/555418 | 313 // Blink handle it. https://crbug.com/555418 |
| 309 return HeaderDisposition::BYPASS; | 314 return HeaderDisposition::BYPASS; |
| 310 } | 315 } |
| 311 return result; | 316 return result; |
| 312 } | 317 } |
| 313 | 318 |
| 314 } // namespace content | 319 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2874933002:
Don't enforce X-Frame-Options for downloads. (Closed)
